#6 Social Engineering Takes Many Forms
Baiting offers the reader something in exchange for private information. This could take the form of a free music download or a glimpse at once-svelte movie stars who now look like train wrecks in their bathing suits. Quizzes on Facebook may seem perfectly innocent but, in some instances, you may be submitting answers that are the same as those employed for security questions with your online banking and mortgage accounts. Seen any offers for free credit reports lately? Proceed with caution. Better yet, don’t proceed at all. There are a number of scams offering free credit reports that include credit charges with account numbers you don’t recognize. Then, when you call to dispute the charge, you may be lured into correcting the mistake by submitting your legitimate account number, your security code or even your Social Security number.

Phone numbers can be spoofed, which catches a lot of people off guard because most of us are used to trusting numbers from known entities as the gold standard of verification. Ditto on text messages. If you sign up for newsletters or gated content offers on Facebook, or participate in social media petitions, you could be agreeing to service terms that allow the provider to sell your number, or you may be giving your number directly to a fraudulent entity.

Social engineering is not always technology-centric. Tailgating happens when an unauthorized person follows an employee into a restricted area at their company. Fraudsters commonly ask unsuspecting employees to hold doors for them, claiming they forgot their badge, or they may intentionally have their hands full and expect human empathy to take them over the finish line.
#7 Avoid Unauthorized Software & Devices
Don’t install unauthorized programs on your work computer or plug in personal devices such as laptops, USB drives, MP3 players and smartphones without permission from your manager. Even a brand-new device or USB flash drive could be infected with malware. Devices can be compromised with code waiting to launch as soon as you plug them in. It’s also a good idea to turn off or disable Bluetooth and wireless services when not in use. Don’t give hackers any windows to visit any of your networks, no matter how insignificant they may seem. If you have an unprotected home network (non-password/user ID authenticated) and you happen to have banking statements on your laptop, threat actors in your parking lot can find the information if they happen to be looking for it. People like this do the same thing in parking lots at commercial establishments with Wi-Fi.
#8 Simplify Your Digital Life
Unsubscribe from email lists – ones that crowd your work email inbox as well as your Yahoo or Gmail account. Less clutter means fewer opportunities to step on the proverbial grenade. This also allows you to focus on what’s actionable. Get anything of value off your desktop and into a file sharing schema that is secure and backed up. Post with caution. You don’t want Facebook to serve as a geo-tracking device to notify criminals that the coast is clear every time you upload a shot of your foot and a drink from a recliner in St. Croix. You should exercise similar caution with LinkedIn. Be careful about posting financial details, gripes about company policy or detailed technical information about your computer network. Certain phone systems have user manuals online that explain how to reset passwords, which means a nefarious third party could take down your entire voice system or rack up toll charges in the thousands of dollars.
#9 Get A Password Manager
Passwords are a twentieth-century solution to a twenty-first-century problem. Unfortunately, user names and passwords – the most common digital credentials used today – are all that stand between employees and vital online services including corporate networks, social media sites, e-commerce and many others. Reusing your corporate email address and password for your Yahoo, LinkedIn and Facebook accounts is a bad idea. Therefore, one of the best security practices you can implement is to use a completely different password for every service you use. Sixty percent of Americans follow this process but an astounding 40% do not. A simple password manager can make the transition a breeze. Popular options include Blur, Sticky Password, Keeper, Password Boss, LastPass and Dashlane. You only have to remember one master password and the password manager will store all of your sites, encrypt their passwords, allow you to activate two-factor authentication, set reminders to create new passwords, and even help you generate new ones. It also helps you stay organized because all your most important sites are conveniently housed within the password manager portal.